diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h index c99883c018..2c29de4646 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h +++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h @@ -85,7 +85,8 @@ typedef enum psa_sec_function_s PSA_GENERATOR_READ, PSA_GENERATOR_IMPORT_KEY, PSA_GENERATOR_ABORT, - PSA_KEY_DERIVATION + PSA_KEY_DERIVATION, + PSA_KEY_AGREEMENT }psa_sec_function_t; /**@}*/ diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c index 26e61d962f..16043fb73e 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c @@ -1028,6 +1028,32 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator, } +psa_status_t psa_key_agreement( psa_crypto_generator_t *generator, + psa_key_slot_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + psa_algorithm_t alg ) +{ + psa_error_t err_call; + psa_crypto_derivation_ipc_t psa_crypto_ipc = { 0, 0, 0, 0 }; + psa_crypto_ipc.key = private_key; + psa_crypto_ipc.alg = alg; + psa_crypto_ipc.func = PSA_KEY_AGREEMENT; + + psa_invec_t in_vec[2] = { { &psa_crypto_ipc, sizeof( psa_crypto_ipc ) }, + { peer_key, peer_key_length }}; + + generator->handle = psa_connect( PSA_GENERATOR_ID, MINOR_VER ); + if( generator->handle <= 0 ) + return( PSA_ERROR_COMMUNICATION_FAILURE ); + + err_call = psa_call( generator->handle, in_vec, 2, NULL, 0 ); + + if( err_call < 0 ) + err_call = ( psa_error_t ) PSA_ERROR_COMMUNICATION_FAILURE; + return( ( psa_status_t ) err_call ); +} + psa_status_t psa_generator_abort( psa_crypto_generator_t *generator ) { psa_error_t err_call = PSA_SUCCESS; 
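Review bot: In the new `psa_key_agreement` in psa_crypto_spm.c, the connection opened by `psa_connect` stays open when `psa_call` fails or the service returns an error status, and `generator->handle` is overwritten without checking whether it already holds a connection. If callers are expected to release it through `psa_generator_abort` (only its first lines are visible in this hunk), state that above the function, for example `/* On error after a successful psa_connect() the handle stays open; the caller must call psa_generator_abort(). */`. Otherwise, close the handle on the error path with `psa_close( generator->handle );` before returning. `generator` is also dereferenced without a NULL check, which may be acceptable if the neighbouring wrappers follow the same convention.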
diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h index fd14b55f47..50dcf193fb 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h @@ -57,6 +57,7 @@ extern "C" { #define psa_generator_import_key psa_sec_generator_import_key #define mbedtls_psa_crypto_free mbedtls_psa_sec_crypto_free #define psa_key_derivation psa_sec_key_derivation +#define psa_key_agreement psa_sec_key_agreement #define psa_generator_abort psa_sec_generator_abort #define mbedtls_psa_inject_entropy mbedtls_psa_sec_inject_entropy diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c index 261c336b9d..a45ffbdfd8 100755 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c @@ -1367,6 +1367,33 @@ void psa_crypto_generator_operations( void ) break; } + case PSA_KEY_AGREEMENT: + { + + uint8_t *private_key = mbedtls_calloc( 1, msg.in_size[1] ); + if ( private_key == NULL ) + { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + break; + } + + bytes_read = psa_read( msg.handle, 1, private_key, + msg.in_size[1] ); + if( bytes_read != msg.in_size[1] ) + { + SPM_PANIC("SPM read length mismatch"); + } + + status = check_spm_key_acl(msg.handle, psa_crypto_ipc.key); + if (status == PSA_SUCCESS) { + status = psa_key_agreement( msg.rhandle, psa_crypto_ipc.key, + private_key, + msg.in_size[1],//private_key length + psa_crypto_ipc.alg ); + } + + break; + } default: { status = PSA_ERROR_NOT_SUPPORTED;
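Review bot: The buffer allocated with `mbedtls_calloc( 1, msg.in_size[1] )` in the new `PSA_KEY_AGREEMENT` case is never released. It is declared inside the case's braces and the case ends at `break;` with no `mbedtls_free`, so every request leaks `msg.in_size[1]` bytes of secure-partition heap, a size the client chooses. Add `mbedtls_free( private_key );` immediately before the final `break;`, and consider running `check_spm_key_acl` and an upper bound on `msg.in_size[1]` before allocating, so that a rejected request costs no heap. The buffer holds the peer key that the client passes as its second input vector, so the name `private_key` and the `//private_key length` comment are misleading; `peer_key` would match the client-side wrapper. psa_crypto_generator_operations starts and ends outside this hunk.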